Updated by Jonas Heinrich (Finn) about 12 years ago
There is a security problem with the login page and protocol-relative redirect URLs.
See:
- http://www.redmine.org/news/90
- http://www.redmine.org/projects/redmine/wiki/Security_Advisories/13
I proposed a PR here: https://github.com/opf/openproject/pull/1060
Marutosi has a PR here: https://github.com/opf/openproject/pull/1059 although the tests fail and it is proposed against the `migrate/1.5_to_2.4` branch
We should backport the fix to `stable` and might do a new maintenance release.
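
Added illustration (not code from OpenProject, Redmine, or either PR above): a Ruby check for the class of problem this ticket names, where a redirect target such as `//other.example/` starts with a slash like a local path but is resolved by browsers against another host. The helper names, the `request_host` parameter and the sample hosts are assumptions made for this example.

```ruby
require 'uri'

# Naive check (hypothetical): treats anything starting with "/" as a local path.
# "//other.example/login" passes, yet a browser resolves it on another host.
def naive_local_path?(back_url)
  back_url.to_s.start_with?('/')
end

# Hardened check (hypothetical helper): accept only same-host http(s) URLs or
# host-relative paths that cannot be reinterpreted as a different authority.
# Narrowed to host comparison; ports and sub-URI deployments are not handled.
def safe_back_url?(back_url, request_host)
  url = back_url.to_s
  # Control characters and backslashes are normalised by some browsers
  # ("/\host" can be treated like "//host"), so refuse them outright.
  return false if url.empty? || url =~ /[\x00-\x1f\\]/

  begin
    uri = URI.parse(url)
  rescue URI::InvalidURIError
    return false
  end

  if uri.host
    # A protocol-relative URL parses with a host but no scheme: rejected here.
    return false unless %w[http https].include?(uri.scheme)
    return uri.host.casecmp?(request_host)
  end

  # No host: must be a plain absolute path with no scheme and no "//" prefix.
  uri.scheme.nil? && url.start_with?('/') && !url.start_with?('//')
end

# Constructed sample inputs, evaluated against the constructed host "tracker.example".
SAMPLES = [
  '/projects/demo',
  'https://tracker.example/my/page',
  '//other.example/login',
  'https://other.example/',
  '/\\other.example'
].freeze

if $PROGRAM_NAME == __FILE__
  SAMPLES.each do |s|
    puts format('%-34s naive=%-5s hardened=%s', s, naive_local_path?(s),
                safe_back_url?(s, 'tracker.example'))
  end
end
```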